Topic: Proof of Stake Bitcoin? - page 11. (Read 15926 times)

The real opposing force would be miners, true. They have invested over a few million bucks to rake in huge amount of profits every day just to let it go that easily. Besides, switching over to PoS means that consensus wise, people who have the fatter wallets would have the most voice over a certain issue/development that the coin might face in the future.

PoS is problematic on many levels and is extremely hard to deploy. Research on the topic is also scarce.

Miners have been shown to be problematic towards the long term health of bitcoin.

A more interesting point is how the bitcoin community lost the thought/research leadership in this area which is a real harm and probably more dangerous in the long term than most people think.

Proof of Work algorithm gives you the option to always get some coins.
In PoS system, early adopters hold the power forever, this is not a good long term strategy, since no body is perfect and nobody can be trusted.
In PoW everybody is equal in casting a vote regarding to time they joined the network, but still bounded only by the amount of electricity they have and since electricity can be traded, it means richest are the most powerful.
In PoS you can get bigger power to vote in two ways, you are an early adopter or you have a lot of coins currently. And since those coins can presumably be traded as well, that means the richest have most of the power in PoS as well.
So PoS has one more vector for reorganization, but the benefit of lower costs of the network.

I believe Bitcoin should stay PoW and I can't see a reason for it to make a switch. I don't believe security of it should be put on the risk for the benefit of saving some money. A natural system of who can bring more to the table is the best option we currently have to keep the blockchain safe.

It could bring a problems. So why we need this?

Knowing the danger? The danger of sending your own funds to yourself? How is that a danger in any legitimate currency?

The 'nothing at stake' attacks might sound theoretical, but more are being discovered all the time - it's only a matter of time before one is discovered that hasn't been patched over in one of the major PoS coins.

I hardly believe BitCoin will move to Proof of stake. Ethereum will be using the proof of stake in future but it will be difficult for bitcoin to use proof of stake to reach consensus.

"If not bit then what is the fun in it" -Ame.

Hmm I do not think this will happen.. There may never be such agreement

I also think Bitcoin will not take the route to proof of stake. It works well in Proof of Work when it comes to being decentralized.   

Well, this attack scenario seems very unlikely to succeed. Why should the current holders of the coin 51% it? Knowing the danger, big holders should not do that without a very good reason and that would need extremely good (and expensive) social engineering. I can imagine it only in a very small PoS currency where few people (more exactly: people with a small part of the supply) are "staking" (or "forging").

All the long range attack variants have something in common: Their success probability is negatively correlated with the size of the coin: the attacks are easier when the coin is small, distribution is uneven and "staking"/"forging" is done by few participants. That is an inherent weakness of PoS: it is a bad (=insecure) choice for typical "sh*tcoins" (small cryptocurrencies with large premines - that's why they need checkpoints and these things), but the bigger they get, the more secure it becomes. That's why I think Bitcoin could change to PoS without problems - it's not that it's distribution is totally even, but it's even enough to make such attacks more costly and difficult than to 51% it.

I had a large discussion in a very similar thread with dinofelis (the funny thing is that I was the "PoS skeptic" in that discussion) but I came to the conclusion that PoS is, from a practical point of view, equivalent to PoW and the arguments against it brought in by Andrew Poelstra and others are merely of theoretical nature.

3) You convince a majority of coin stake* to send a transaction to themselves at the same time and you bring the entire network to a semi-permanent halt as no new blocks will be produced since PoS coins are forced to put safeguards around the amount of time taken after a transfer of funds before staking can begin due to other long range attacks.

There are so many variations of the long-range attack that we almost certainly haven't discovered them all.

Cheers, Paul.


*) this could be as little as three people, depending on the distribution of coins at the time

This topic has already been discussed a couple of times. But this answer deserves a comment:


The attack described in monsterer's thread is the well known "Long Range Attack". It has often been cited as "the final blow to PoS" or "the hard problem" or something similar by Proof of Stake critics.

However, if you look at the attack, it is so complicated and so expensive that it will probably be easier to attack a Proof of Work currency in 51% fashion. At this moment, you need about $400-800 million dollars to attack the $44 billion Bitcoin chain (and in PoW too, you can get some or even all of them back by short selling in the right moment).

To attack a PoS currency via the Long Range attack you would have to possess about 15% of the coin supply at some moment in the blockchain history (according to statistics from NXT, normally about 30% of the coin owners are "staking" or "forging", so 15% is enough for a "51% PoS attack") AND then trick the rest of the network into a long chain reorganization.

Imagine now a 44 billion $ PoSCoin. You have basically two options:

1) You buy old keys that at the same time in the blockchain history had 15% of all coins. Maybe some old exchange keys (BTC-E? ) will do the trick. (That is the "bribing attacker" Vitalik Buterin has described in his PoS analysis.)
2) You buy 15% of the supply and send them to your wallet, send them back to the exchange, privately mine a double-spend attack chain, and sell the coins again, and then you publish the chain for an attack.

Option 2 will cost you at least 5 billion $ (probably much more, above all if you try to buy them fast), although you will recover some by selling again. Maybe you will get most of them back, but it isn't at all sure that you, in the end, will "get away" cheaper than with the 400-800 million PoW 51% attack.

Option 1 looks cheaper, but first I don't think you will get the keys for free, and second, "buying a key" involves the risk that the old owner uses it in the same way. You would have to trust the old owners - and every single of them can tell the others your plan that you are attacking the coin.

And then you must trick the chain into a "reorg" - most PoS coins simply prohibit long reorganizations. So Option 1 is almost impossible, and option 2 will be very expensive - probably more than an 51% attack.

I know that PoS is, in theory, a little bit weaker because no external resources are used, but in a practical sense I think PoW and PoS are equally secure.

I don't see why Bitcoin would become POS. If that happens, it can cause some problems.

I believe bitcoin going for PoS is more of technical issue than populist issue.

Thus I believe bitcoin will ultimately go for PoS.

Proof of Stake is definitely superior, that's the reason why ETH will convert to PoS in the future, they are actively working on the conversion currently, with experimental versions already in beta test.

But Bitcoin probably won't, Bitcoin is more decentralized, and the forces against PoS in Bitcoin is too strong, the miners will 100% oppose it. It nearly turned into a figurative thermo-nuclear war for getting a 1 line code change to change block limit from 1MB to larger blocks. It's hopeless to change to Proof of Stake for Bitcoin, you might as well fork Bitcoin like Bitcoin Cash did.

I do not think so. Do not look for problems where they do not exist.

No.

Unless there was an update through Bitcoins final development there wouldn’t be any PoS implemented into Bitcoin because there’s already altcoins that feature that concept. There wouldn’t be any point for Bitcoin to get a PoS coded into it because Bitcoin is already capped at 21 million coins.

Plus, if there was a PoS code placed into Bitcoin then the transactions within Bitcoin’s Blockchain would be cluttered because there isn’t that many miners that can keep up with the competitive mining difficulty that Bitcoin has.

If you are spending 0.0001 Bitcoin for transactions you would have to spend much more to get your transactions confirmed.

No, because PoS doesn't work as a decentralised consensus. Every single PoS coin is a private club, with trusted owners, much like Visa the company is. When you invest in a PoS coin you are being tricked into thinking you're investing in the future, when actually you're investing something that can never work as designed.

Read this for more details:

https://bitcointalksearch.org/topic/proof-that-proof-of-stake-is-either-extremely-vulnerable-or-totally-centralised-1382241

Cheers, Paul.

DO you guys ever think that bitcoin will do proof of stake? Just wanted to get some peoples insights on this.